Overview

File _patchinfo of Package patchinfo.981

<patchinfo incident="981">
  <issue id="938343" tracker="bnc">/usr/lib/polkit-1/polkit-agent-helper-1 libgcrypt linkage drops euid in FIPS mode, causing setuid root loss</issue>
  <issue id="920057" tracker="bnc">CVE-2015-0837: libgcrypt, gpg: mitigations against side-channel attacks</issue>
  <issue id="CVE-2015-0837" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>vitezslav_cizek</packager>
  <description>
This update fixes the following issues:

Security:
* Fixed data-dependent timing variations in modular exponentiation
  [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
   are Practical] (bsc#920057)

Bugfixes:
* don't drop privileges when locking secure memory (bsc#938343)
</description>
  <summary>Security update for libgcrypt</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places